Guidance

Basic check: Processing standards

Updated 1 October 2021

© Crown copyright 2021

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/basic-check-guidance-and-policies/basic-check-processing-standards

Introduction

The Disclosure and Barring Service (DBS) was established in December 2012 under Part V of the Protection of Freedoms Act (POFA) to undertake disclosure and barring functions. There are specific legal requirements around these checks. Disclosure functions are set out in Part V of the Police Act 1997.

Who do the standards apply to?

The standards apply to all Responsible Organisations (ROs) with DBS, and recipients of Update Service information under section 116A of the Police Act 1997. The standards refer to any information exchanged between DBS and the Responsible Organisation.

The standards do not apply to other third parties. DBS will seek to ensure compliance with the standards through the full range of DBS assurance management processes.

All applicants for a DBS basic check should be made aware of these standards and be provided with a copy on request.

Disclosure Offences: Section 123 of the Police Act 1997

The offences listed in this section apply to a responsible person within a Responsible Organisation. An individual commits an offence if, with intent to deceive, he or she:

  • makes a false certificate which was issued under Part V of the Police Act
  • alters a certificate issued under part V of the Police Act
  • knowingly makes a false statement for the purpose of obtaining, or enabling another person to obtain, a DBS certificate

Responsible persons who are guilty of an offence under this section of the Police Act will be liable to prosecution and suspension or de-registration from the use of the DBS basic check service.

What happens if the standards are breached?

Responsible Organisations will receive personal information related to applications and, where Responsible Organisations are also employers, voluntary sector organisations or licensing authorities, will receive information when certificates are provided to them by their employees or applicants for posts, including volunteers.

Failure to comply with the obligations set out in the DBS Terms & Conditions including the Basic Check Processing Standards and the Basic Web Service Interchange Agreement documents will result in DBS considering suspension or cancellation of your registration to use the DBS basic check service.

The obligations

Registration details

A Responsible Organisation must adhere to the obligations as set out within this document, the Basic Check Terms and Conditions, the Basic Web Service and Interchange Agreement in order to retain its registration. Responsible Organisations must:

  1. Provide up-to-date information to DBS in respect of their registration information
  2. Ensure any electronic system used complies with the DBS Web Service Specification document set

Application process

Responsible Organisations must:

  1. Submit applications for a basic check in the format determined by DBS
  2. Ensure that informed consent has been recorded from the applicant for the RO to submit a basic check
  3. Ensure that applications for a basic check are completed accurately and that all data fields determined by DBS as mandatory are completed in full
  4. Ensure that any application submitted complies with DBS specifications as stipulated in line with current requirements
  5. Ensure that, where evidence checkers complete any part of the administration of the application process, sufficient training has been provided in order to comply with guidance set out by DBS

Identity verification

Responsible Organisations must:

  1. Verify the identity of the applicant prior to the submission of an application for a basic check by following the current guidelines issued by DBS
  2. Ensure that any person undertaking identity verification checks on their behalf follows the current guidelines issued by DBS

Data handling

Failure to comply with data handling requirements set out in the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA) may result in enforcement action from the Information Commissioner’s Office (ICO).

In line with GDPR and the DPA 2018, Responsible Organisations and those in receipt of Update Service information must:

  1. Have a written policy on the secure handling of information provided by DBS, electronically or otherwise, and make it available to individuals at the point of requesting them to complete a DBS application form or asking consent to use their information to access any service DBS provides
  2. Handle all information provided to them by DBS, as a consequence of applying for a basic check, in line with the obligations under the GDPR and DPA 2018, and must comply with security requirements under principle 7 of the DPA
  3. Handle all DBS-related information provided to them by their employee or potential employee in line with the obligations under GDPR
  4. Ensure that a result received as part of an application submitted electronically is not reproduced in such a way that it infers that it is a certificate issued by DBS
  5. Ensure any third parties are aware of GDPR and DPA principles and provide them with guidance on secure handling and storage of information. For data protection purposes, information passed to a Responsible Organisation by DBS remains the responsibility of the Responsible Organisation even if passed to a third party
  6. Ensure business continuity and disaster recovery measures are in place and comply with data protection requirements

Suitability policy

Responsible Organisations and those in receipt of Update Service information must:

  1. Have a written policy on the suitability of ex-offenders for employment in relevant positions. This should be available upon request to potential applicants and, in the case of those carrying out an umbrella function, should be made available to their clients. Clients of Responsible Organisations should make this policy available to their potential or existing employees
  2. Ensure that all applicants for employment are notified in advance of the requirement for a basic check
  3. Notify all potential applicants of the potential effect of a criminal record history on the recruitment and selection process and any recruitment decision
  4. Discuss the content of the basic check with the applicant before withdrawing any offer of employment

Payment of fees

Responsible Organisations must:

  1. Pay all fees relating to a basic check in line the trading terms of the DBS payment on account facility
  2. Pay all fees related to a basic check submitted after any decision by DBS to suspend registration or deregister the organisation
  3. Publish all fees, in relevant documentation, associated with the processing of criminal records check applications when you do so on behalf of others

Eligibility

A DBS basic check can be requested by an individual aged 16 or over for any purpose. The applicant’s certificate will contain unspent convictions and conditional cautions that are held on the Police National Computer. The Rehabilitation of Offenders Act (RoA) 1974 sets out rehabilitation periods after which convictions may become spent. There are differences between rehabilitation periods applying in England & Wales and Scotland.

DBS will only apply the England & Wales rehabilitation periods therefore Responsible Organisations must submit applications to the DBS if the applicant is living or working in England or Wales in order for the appropriate RoA to be applied. In parallel Disclosure Scotland will only apply Scottish rehabilitation periods therefore Responsible Organisations must submit applications to Disclosure Scotland if the applicant is living or working in Scotland. DBS and Disclosure Scotland will monitor applications to identify potential inappropriate jurisdictional application submissions.

Applicants could legally challenge Responsible Organisations who submit applications incorrectly to the DBS or Disclosure Scotland. Failure to comply with Data Protection Act requirements could result in enforcement action from the ICO.

Further information on basic check eligibility can be found at https://www.gov.uk/disclosure-barring-service-check.

Compliance requests

Responsible Organisations must co-operate in full when DBS enquiries are made in relation to:

  1. Ongoing compliance of Responsible Organisations with the DBS Terms & Conditions including the Basic Check Processing Standards and the Basic Web Service Interchange Agreement documents
  2. Implementing the suspension or de-registration of a Responsible Organisation where non-compliance is established in line with current procedures

Glossary

Responsible Organisation An organisation registered with DBS to submit basic disclosures on behalf of individuals or other companies
Registration The enablement of a Responsible Organisation by DBS to submit basic check applications and retrieve results
Umbrella function Responsible Organisations processing and submitting applications for employers not eligible to register with DBS
Unspent Under the Rehabilitation of Offenders Act 1974, some criminal convictions can be treated as ‘spent’ after a certain length of time - they are not relevant to be disclosed on a basic disclosure; following a specified period of time which varies according to the disposal administered or sentence passed, all cautions and convictions (except those resulting in prison sentences of over 30 months) are regarded as ‘spent’ and as a result the offender is regarded as rehabilitated
Back to top